As technology continues to gain prominence in healthcare, it plays an increasingly vital role. Advancements in technology have allowed the healthcare industry to stabilize costs, improve access, and personalize care delivery—objectives that were challenging in the past. These benefits come with a potential downside: data privacy issues, which are becoming more concerning as technology advances.
Coleman Technologies Blog
Facebook remains one of the most visited places on the Internet. Meta (the parent company to Facebook) also features WhatsApp and Instagram on their roster and has faced numerous security and privacy failings over the years. In this week’s blog, we’ll take a brief look at some of the most noteworthy.
Hackers are always on the lookout for personally identifiable information, or PII, as it’s an immensely lucrative resource. You’ll need to protect it if you want your business to continue operating safely and efficiently. Let’s go over what PII entails and what kinds of data you might find under this term.
Your business is likely subject to certain compliance laws and regulations depending on the type of data you collect from your clients or customers. Today, we want to emphasize the importance of your business considering regulation and compliance when managing its data and IT resources, as without doing so, you run considerable risk.
Digital monitoring is a bit of a contentious topic in business, but according to a survey from Gartner, it might not be as contentious of a topic as previously thought. In fact, employees are often in favor of digital monitoring under the appropriate circumstances, as long as it doesn’t get in the way of their jobs.
It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.
The User Experience and How Security Fits
Let’s face it, the majority of Internet consumers have no idea about data security until something terrible happens. Until they get malware, or get their identity stolen, or their accounts hacked, they assume that there is enough built-in security to facilitate any behavior online. This is not ideal, obviously, but there are a small number of people, around 29 percent, that have enough security awareness to avoid certain websites.
Strategy #1 - Know the Value of Your Assets
By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses.
Security Steps
Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:
In a society where getting over on other people is the quickest way to the top, people are constantly looking to take advantage of others. We create security systems for this purpose. Since every person’s identity is unique it is often used for authentication into these secure systems. Nowadays, with the advancement of biometric technology, many organizations are pushing the envelope and using unique physical identifiers as authorization methods, and it is causing problems with the security/privacy equilibrium most people favor.
Biometrics Trending Up
Biometrics are being used everywhere from the digital security of mobile devices all the way to border security and identification. Biometrics include:
- Fingerprint identification
- Iris and retina scans
- Facial recognition
- Gait measurement
- DNA
- Handwriting recognition
- Voice recognition
- Brainwaves
...And more.
These technologies are used to effectively identify and authenticate people simply by pairing the information with existing database information. With this technology being more accessible due to falling prices, it is now being rolled out all over the world for a multitude of purposes. Across the world you can find biometrics being integrated into systems. The US FBI has a massive fingerprint database they use to help identify people. China’s Social Credit system is run on facial recognition. Businesses, like your bank, may be using your voice to authenticate who you are over the phone. With so much data being captured, and with the seemingly endless ways this technology can be used to secure almost anything, it turns out that it really isn’t securing much of anything.
The Illusion of Security
The immense scale of biometric data systems makes securing this extremely personal information nearly impossible. The question has to be asked: can a system be a human identification system and also work as an authentication system? It turns out that with all the challenges people use biometric security systems for, the only thing that it is truly good for is identifying who a person is. That’s not to say that systems can’t work in small doses, but a main problem with these systems is that the information captured--the data that is being used for the security of these physical and virtual systems--has to be saved somewhere. Moreover, with organizations mining data left and right, this very private and extremely sensitive data ends up as just another piece of data captured by corporate entities looking to turn it into a quick buck.
If that doesn’t scare you, consider organizations and governments possessing this data and losing it to hackers who, much like these massive corporate entities, will be using it to gain a monetary advantage. Losing your identity to a hacker is a traumatic experience, but with these biometric systems, it takes on a whole new meaning. Even scarier yet is that artificial intelligence has been proven to compromise biometric indicators, leaving biometrically-protected systems accessible without physical authentication.
A Complete Lack of Privacy
We touched on this a little above, but the lack of privacy that a biometric reliant system would provide the individual would be frightening. You see, the biometric security system isn’t designed to allow for invasions of privacy, but because this technology is just in its infancy, and organizations are using it in ways that it may not be designed for, the minute a person puts his/her information into a biometric system, privacy is out. The production of the data, the way it is stored, the way it is compared to database data raise big concerns for the individual and his/her privacy.
Additionally, with changes to physiology, these biometric systems have to have some deviation built in. This poses a lot of questions about what is secure and what isn’t. These systems are definitely state-of-the-art, but if you compare the effectiveness of the security to the systems that we’ve been using (Passwords, PIN, Two-factor authentication), it’s hard to say that these advanced biometric systems are any better at keeping data or infrastructure secure.
Biometrics are definitely here to stay, but before you implement a biometric security system into your business, call the professionals at Coleman Technologies to discuss the benefits and detriments of doing so, and the strategies where biometrics will excel. Call us at (604) 513-9428 today.
What Does Facebook Know About Me?
Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.
You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free rein and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.
Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.
On a desktop or laptop:
- Log in to your Facebook account.
- Click the down arrow on the top right and go to Settings.
- On the left, click Your Facebook Information.
- Facebook will present you with five options. Look for Download Your Information.
- Click View. Facebook will give you a screen where you can choose the date range and format of the data. Since we want to download everything, we’re going to set the Date Range to All of my data and set Media Quality to High. This will give us a higher quality version of all of our photos and videos in the download.
- Click Create File and Facebook will start building the download. This can take a while, but Facebook will give you a notification when your data is ready for download.
- Once Facebook gives you the notification, click it and Download your data.
From the Facebook mobile app:
- Tap the 3-bar hamburger icon in the top right of the app.
- Scroll down and tap Settings & Privacy, and then tap Settings.
- Tap Download Your Information.
- Leave all of the options checked, and scroll down. Ensure the Date Range is set to All of my data and that Media Quality is set to High.
- Tap Create File and Facebook will give you a notification when the data is ready for download.
The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.
Now that the report is available to you, click on Your Facebook Information.
Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.
Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.
Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!
So, How Much Does Facebook Know About Me?
When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.
Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information; advertisers already had it and gave it to Facebook to target you on the platform.
What Does This Mean?
While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.
This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.
You probably had a notion that Facebook had a bunch of your information, but how much it holds beyond your general profile is enough to make you nervous when the company is accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population.
This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.
That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.
To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.
Your Security and Privacy Options
From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process: you can always find your way back to the beginning with that menu.
Verify the Accuracy of Your General Account Settings
Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.
Find Out Where You’ve Used Facebook with Security and Login
On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.
If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.
Change Your Password
While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.
Remember, you should never use a password for more than one online account.
Using Two-Factor Authentication
After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started.
You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.
Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option and click Next.
Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.
If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.
Add a Backup
Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.
Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.
Setting Up Extra Security
Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt in to alerts sent via email, text, notification, or Facebook Messenger.
You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.
Stay tuned for part three of this series, coming soon.
While we wish we could show you how to really accomplish true privacy on Facebook, the only way to actually reach that threshold would require you to have never signed up in the first place. This doesn’t mean, of course, that there is nothing that you can do now to protect your information, such as sharing more cognizantly and keeping it within circles you trust.
A Few of Facebook’s Issues
Like we said, Facebook has seen some pretty egregious security issues during its time. While we aren’t going to go too far into the weeds with these events, a quick summary might help to illustrate how careful users should really be as they use the platform:
- In 2007, Facebook introduced a feature that would allow companies to track purchases made by users and notify their friends of what they had purchased… without requiring any consent from the user.
- In 2011, the FTC charged Facebook for allowing private user information to be accessed by third parties, making this private information public without any notification.
- In 2013, Facebook introduced a Donate button that would allow users to make charitable contributions to such organizations. Unfortunately, a bug in the code allowed the email addresses and phone numbers of over six million users to be leaked.
- In 2014, Facebook actively experimented upon their users, testing their ability to manipulate their emotional states with the content the user is exposed to. Depressing content was prioritized to see if they could elicit depressed feelings. As it turns out, they can.
- In 2015, Facebook took action to assuage their users’ concern for their privacy, and rolled back the access that apps had to user data… but one has to wonder, just how much were applications privy to before this rollback?
- In 2018, Facebook suffered a massive data breach, losing the data of 50 million users. In response, Facebook did nothing… that is, until their reputation started to suffer. It was only then that they responded to the underlying issues.
Unfortunately, concerning events like these happen far too regularly to Facebook. There just seems to be difficulty in keeping their user data secure. This is why you need to pay particular attention to the settings on your own Facebook profile. Let’s go over how your information can most effectively be protected by ensuring these settings are configured properly.
Configuring Your Facebook Privacy Options
On your desktop, log in to your Facebook account. At the top-right of the page, there will be a small down arrow. Click it to access a menu, then click Settings.
You will be brought to another page, with Privacy in your list of options. Click into it.
From here, you can set your privacy options that restrict who has access to your information. For example:
Public - Setting your privacy to public is effectively turning off your privacy options. Not only can all other Facebook users potentially see your profile, even people who aren’t signed in could access it. Hypothetically, this means that the search engines could find you as well.
Friends - This setting restricts viewing privileges to only your confirmed Facebook friends.
Friends except… - If there are particular friends or members of a particular group who shouldn’t see certain information, you can prevent them from seeing this on their Facebook.
Only me - This means that (outside of Facebook) you are the only person with access to what you have posted. Just to be safe, we recommend that you still refrain from sharing anything that you wouldn’t be comfortable sharing publicly.
You also have the ability to choose the audience for each individual post. While this may give the impression of improved control over your privacy, the biggest threat to your Facebook security is probably Facebook itself.
Of course, that doesn’t mean that you aren’t given plenty of privacy options to play with. Let’s go over some of them now:
Who can see your future posts? This setting establishes a default privacy setting for the content you post on Facebook in the future. This helps insulate you from sharing content out to those who shouldn’t see it.
Review all your posts and things you’re tagged in. By using the Activity Log, you can review the entirety of your timeline and manage the permission settings of past posts. You can also review posts you have been tagged in from here.
Limit the audience for posts you’ve shared with friends of friends or Public. This is a semi-nuclear option when it comes to locking down what you’ve posted in the past. By clicking Limit Past Posts, you can change all of what you posted publicly or to friends of your friends to only be accessible to those on your Friends list. Fair warning - Facebook doesn’t provide any way to revert this, so you would have to go through your posts by hand to change them back if you so wished.
Who can send you friend requests? Depending on your preference, you have the option of picking between Everyone or Friends of friends. Unlike many of the other settings on this list, leaving this set to Everyone is probably okay.
Who can see your friends list? On the other hand, there is no reason that the rest of the world needs to see who you are connected with on Facebook. Setting this to Only me will keep this information between you and Facebook, nobody else.
Who can look you up using the email address you provided? Do you want someone who has your email to be able to find you on Facebook using it? Most likely not - so restricting this to Friends or Only me is probably in your best interest.
Who can look you up using the phone number you provided? Again, it’s really your call whether or not to allow Facebook users to find you via your phone number, but it really isn’t that necessary. You’re fine setting this to Friends or Only me.
Do you want search engines outside of Facebook to link to your profile? This one really depends on your situation. Facebook can work to prevent the assorted search engines out there, including Google and Bing, from indexing your profile (allowing searchers to find it). Most people will likely want to switch this off, but if your personal brand is part of your business, it makes more sense to turn this option to Yes.
Dictating What Others Can Do On Your Personal Facebook Profile
We all have embarrassing friends, and so you may want to avoid having them be able to freely post content to your wall - for instance, your college buddy Greg seems to have no problem with sharing candids from the good ol’ days… and tagging you in them.
Potential situations like this make it all the better that Facebook gives you control over who can post to your timeline, and who can see this content. You can access your many options to do so by clicking into Timeline and Tagging (which can be found on the left side of your Settings).
Who can post on your timeline? Naturally, you will definitely want to put a limit on this, as there is no reason that a total stranger should be reaching out on your personal profile. This is why it makes sense to only allow your Friends to do so - or, perhaps you alone with the Only me setting.
Who can see what others post on your timeline? This setting will largely depend upon who you have permitted to post on your timeline. If your Friends can post to your timeline, you definitely want your Friends to be the only ones who can see it - assuming you don’t want to maximize your privacy (and hedge your bets) with the Only me setting.
Allow others to share your posts to their stories? Ask yourself: do you want anything you post publicly to be shared by your Friends? If so, leave this one enabled.
Who can see the posts you’re tagged in on your timeline? Tagging can be an incredibly useful thing for someone trying to cultivate an image as an engaged thought leader, but it can also hurt your reputation, never mind your privacy. If people keep tagging you in assorted posts and you’d rather the public at large didn’t see these posts, you can keep these posts to your Friends, or even to Only me.
Review the posts you’re tagged in before the post appears on your timeline? Alternatively, this is likely the best option for someone looking to be visible via tagged posts, while still remaining in control of which posts are linked to them. Basically, you can be notified if you are ever tagged in some Facebook content, and can opt whether or not it will appear on your timeline. Fair warning - any mutual friends you have with the person who has tagged you will be able to see the tagged content before you have a chance to review it. Regardless, it is best to keep this setting on.
Review tags people add to your posts before the tags appear on Facebook? Again, this is something you’ll want control over, so set this to on as well.
Managing Your Public Post Settings
Again, from the Settings page, click into the Public Posts option on the left-hand side.
Who Can Follow Me - Rather than adding users as Friends, public figures can provide the option to just be followed by interested people. If you want to give the public at large this option, set this to Public. Otherwise, you can keep your posts among your Friends by setting this to Friends.
Public Post Comments - Or, who can comment on the posts that you’ve shared publicly. It is probably best to keep this restricted to either Friends, or perhaps Friends of Friends.
Public Profile Info - Some facets of your Facebook profile are generally available for anyone to see (like your name and profile picture). Who do you want to be able to comment on your profile picture? Keeping this capability restricted to your Friends or - maybe - Friends of Friends is probably best.
How Much Do You Want Facebook to Know About Where You Are?
Facebook has the capability to track your location history. While this information isn’t shared with your Friends or followers (beyond letting your Friends know that you are nearby), the only real reason we could come up with for Facebook to track this is to be able to target you with ads more effectively. Hopefully, that’s the reason, but even so, it is better to be safe than sorry. After all, Facebook has a history of data security missteps.
Again, starting from the Settings page, click where it says Location on the left-hand side. From there, you can see what Facebook already knows by requesting to View your Location History. However, to disable this, you’ll need to use the mobile application.
Using the Mobile Application to Turn Off Location
From the app, access the 3-bar hamburger icon (found at the top-right), and scroll down until you see Settings & Privacy. From there, you should access Privacy Shortcuts, where you’ll see a new area with various settings and documentation regarding Facebook’s identity controls.
Find Manage your location settings (you shouldn’t have to scroll to find it). Once there, you should:
- Turn off Location History (found in Location Access)
- Turn off Use Location (in Location Services)
- Find and disable Background Location
While you’re at it, you may as well delete your existing Location History.
Again, from within Privacy Shortcuts, select Manage your location settings and then View Your Location History. You will be asked for your password, and then you will see another 3-dot menu in the top-right. From there, you should Delete all location history.
Take note: if you post a photo with your location tagged, or check into some public place, you may be allowing Facebook access to your location data again.
Yes, this is a lot to take in.
Thank you for sticking with us for so long! We hope this helps you to secure your personal privacy on what is known as the social network. To learn more about protecting your privacy and information, geared more toward your business, reach out to Coleman Technologies at (604) 513-9428, and make sure to subscribe to our blog.
Personal Information
Before we get into the strategies of protection, let’s identify what constitutes personal information. It includes:
- Full Name
- Phone Number
- Email address
- Birthdate
- Social security number
- Passwords
- Biometric data
If you consider how many times a business has asked you for this information, you will understand just how exposed your personal data is. You may not consider it a big deal until you are in the throes of a situation where your identity has been stolen.
You Need to Maintain Control
Your personal information is exchanged in nearly every transaction you take part in online. In response to this, you need to understand what these organizations use this information for, and how exposure of your sensitive data diminishes your data privacy. Obviously, the goal is to keep this information out of the hands that will take advantage of it and bring detrimental situations to your doorstep.
Once you realize that you can’t trust companies with your personal information, you have started to understand the lay of the land. In Europe, the establishment of the General Data Protection Regulation (GDPR) brought the first major privacy protection law, and you are beginning to see more governments considering what to do in regard to data privacy. In many parts of the world, privacy has been nonexistent. Monitoring your information is a great way to turn that trend on its head.
As of now, people continuously distribute their information to organizations with the confidence that those organizations are going to keep that data safe. This hasn’t worked out that well for the individual, but that doesn’t seem to deter them from sharing this information anyway.
Only 10 percent of people feel like they have control over their own data, but less than 25 percent of surveyed respondents believed companies are doing enough to protect it. What is strange is that 92 percent of respondents of the same survey said that they would like to have absolute control over their personal data, with 87 percent seeking the ability to remove personal data from the Internet if it negatively affects their reputation.
Privacy Solutions
Just being diligent about who you give your data to simply isn’t enough to protect it; and with so few options available to do so, an individual’s best bet is to understand the threats they face. These include:
- Vulnerabilities in applications - Data breaches are mostly caused by software that isn’t updated with up-to-date threat definitions. This problem can happen to any organization that isn’t diligently updating the software it uses.
- Poorly trained workers/sabotage - You wouldn’t believe just how many massive data breaches are caused by the people that a business depends on the most. If your staff isn’t properly trained, or you have disgruntled employees that have access to sensitive information, those situations could end poorly for you.
- Lack of response - Even if you have all the security you need in place, a breach is still a possibility. That’s why it is crucial that your organization be prepared, with the tools and expertise to mitigate a breach before it becomes a problem.
- Refusal to dispose of data - Your organization may find the data it takes in useful for multiple reasons, but if you sever ties with customers, vendors, and staff, it is your responsibility to securely dispose of their personal information. A failure to do so in a timely fashion could lead to a negative situation. Get rid of the data you no longer need, especially if it contains sensitive information.
- Collection of unnecessary data - If data is a form of currency, it stands to reason that it will be shared between companies. If you don’t need the data, however, why do you have it? Possessing data you don’t intend to use--or don’t need--can lead to losing track of it.
People provide personal information all the time, and unfortunately, the organizations they are giving it to don’t understand how to protect it properly; or, worse yet, actively use it for their own monetary benefit. With the lack of effort by these organizations, individuals have no choice but to take a diligent approach to keep sensitive data away from hackers, and keep their identities secure.
If you would like more information about data security, visit our blog at www.colemantechnologies.com today.
Fortunately, there is: password management systems.
What Are Password Management Systems?
A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.
These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.
What to Look for from a Password Manager
During your search, you will want to make sure your chosen password management system offers the following features:
Security
While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.
These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.
It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.
As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.
Storage Considerations
Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.
If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution is ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.
Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.
User Friendliness
As difficult as your password manager should make things for cybercriminals, it should make things simple for your legitimate users - starting with adding them to and removing them from the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.
Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.
Profitable Types of Data
Believe it or not, even a small business with a handful of clients has data worth stealing. You’re in business to make money, and by virtue of this fact, you likely collect and store financial information. In fact, you collect a ton of valuable data: the type of data that hackers are looking for.
In addition to all of the financial details you collect, there is also all of the contact information regarding leads, clients, and customers. With so many emails and phone numbers stored on your infrastructure, hackers can have a field day. They will have all the information they need to steal funds, distribute malware, and create unpleasant situations for your business.
The Unpredictability Factor
Not all hackers have a specific goal in mind when they hack you. Sometimes all they want to do is make your life miserable. The unpredictability associated with hackers is one of the most dangerous things about them, as they can take advantage of any overlooked vulnerabilities to create a problematic situation for you.
The Impact of Security Negligence
If your business falls victim to a hacker, it’s certain to affect your business' operations. In some cases, it could be subject to compliance fines that could break your budget and put your business at greater risk. Furthermore, you could lose access to important data that makes your business work, threatening its future and all but guaranteeing that recovery can never happen. Therefore, the importance of protecting your network can never be overstated.
Coleman Technologies can help your business implement the security solutions needed to maximize protection from threats. To learn more about what we can do for your organization, reach out to us at (604) 513-9428.
The GDPR
Prior to the implementation of GDPR, individual data privacy was mostly left up to the individual. In non-EU circles, this is still mostly the case, but GDPR has made issues related to this much more noticeable, such as the way this personal information can be used for corporate financial gain. GDPR was a response to these organizations failing to properly utilize user data. This included people’s personal information, like names, addresses, email addresses, and even medical/financial information, being utilized by advertising companies or worse. The largest corporate technology companies were using the data of individuals to turn a massive profit--a practice that seemed to be unfair to consumers.
EU member states had been legislating their own data protection laws prior to the establishment of GDPR. The United States has yet to jump on board this trend, though. With GDPR, organizations are seeing themselves as members of the global economy with strict new guidelines to adhere to. The GDPR is essentially an amalgamation of the laws that had previously existed, requiring all businesses to report certain types of personal data breaches within 72 hours to a supervisory authority mandated by EU member nations.
This case was a landmark in that businesses were forced to remain more cognizant of how important data management is for the people who take advantage of their services. Before GDPR, many organizations failed to protect the data of their customers, staff, and vendors. In a way, GDPR forced them to begin thinking about data management, training staff, and investing in security.
One Year In
The results of GDPR have been mixed, to say the least. Over 59,000 personal data breaches have been identified by companies notifying regulators. The sanctions for failing to comply with GDPR mandates carry fines of up to €20 million, or up to 4 percent of total revenue from the previous year (whichever is larger), leading to a more targeted and strategic approach to data security, as well as more prompt reporting of when data breaches occur. To take a look at the results the GDPR had in its first eight months, see the DLA Piper GDPR data breach survey.
Overall, the GDPR provided a substantial boost to data breach reporting speed. The mandate gave organizations up to 72 hours to notify breached parties, so there were fewer instances of breaches going years before being revealed to the general public. The GDPR has also resulted in nearly doubling the number of reported incidents.
The fines resulting from these reported breaches, however, are considerable, to say the least. Fines totaling up to €55,955,871 have been levied against the companies responsible for the 59,000 reported incidents, with most of this being struck against Google. A French GDPR calls this year more of a transitional phase rather than an indicator of the long-term effectiveness of the measure.
Effects Abroad
U.S. companies that do business in Europe aren’t safe from the measures initiated by GDPR, but organizations have started to change up their approach to data privacy. Many legislators are pushing for similar measures to GDPR, and CEOs like Apple’s Tim Cook have labeled data privacy a “fundamental human right.”
Unfortunately, this viewpoint seems to be in the minority among major American tech company leaders. Still, this hasn’t stopped states like California from implementing their own data privacy laws. Other states like Colorado, Massachusetts, and Ohio were inspired to pass their own data privacy laws. Perhaps the federal government will consider acting to fill in the holes left by these data privacy laws.
What are your thoughts on GDPR and data privacy regulations? Let us know in the comments.
The GDPR (In a Nutshell)
Under the GDPR - which came into effect on May 25, 2018 - any companies that have collected data on a resident of the European Union are then responsible for protecting that data. Furthermore, the GDPR grants these residents a far higher level of access and control over the data that organizations possess.
How United States Citizens Have Reacted
According to a poll, data privacy has become a bigger priority for 73 percent of respondents, with 64 percent stating that they felt the security of their data was worse than it has been in the past. 80 percent want the ability to learn who has purchased their data, while 83 percent want the ability to veto an organization’s ability to sell their data in the first place. 64 percent also stated that they want the ability to have this data deleted.
How the Government Has Reacted
Governing bodies at different levels have had different reactions to these demands. For instance, the state of California has already passed the Consumer Privacy Act (CCPA) - a piece of legislation that the House of Representatives' Consumer Protection and Commerce Subcommittee isn’t too fond of, as its position is that there needs to be a singular piece of legislation at the federal level to protect data. As of right now, data privacy is addressed in a combination of state laws and some proposed federal laws.
One of these proposed laws, the Data Care Act, spells out that (in addition to promptly alerting end users to security breaches) a service provider cannot legally share a user’s data without the receiving party also being beholden to the same confidentiality standards. Others include the Information Transparency and Personal Data Control Act, which requires transparency and personal control over data, the Consumer Data Protection Act, which could throw executives in prison for abusing data, and the American Data Dissemination Act, which sets a deadline for the government to enact privacy requirements upon businesses.
However, when the Consumer Protection and Commerce subcommittee met to discuss the prospect of a federal privacy law (which it was agreed was necessary), there weren’t any representatives for the average consumer - the ones whose data is really at stake. This reflects the hearings held last year by the Senate, also without consumer representation. Instead, technology companies were invited to participate during both sessions.
Small Business Concerns
That being said, there is very little support among the committee for any regulations that are at all similar to the GDPR. One reason for this: the fear that small businesses will not find themselves able to afford the added cost of compliance.
For instance, there are a variety of burdens that such a measure could potentially impose upon small and medium-sized businesses. These burdens include:
- All-encompassing overhauls that would result in lost business
- Business failure due to inadequate budgets to make the demanded changes
- Impeded growth after regulations are put in place
- Prerequisites becoming too great to start a business in the first place
- Costs passed down to SMBs from larger companies for technology services
It is worth noting that if your organization does business with people from the EU, you are responsible for adopting the privacy rules of the GDPR.
What do you think? Are laws like these necessary, especially given the cost they could put on small businesses? Have you had any data privacy concerns in the past? Share your thoughts in the comments.